If you do business online, you need to pay close attention to the requirements of the Children’s Online Privacy Protection Act (COPPA or the Act). Enacted in 1998, the COPPA requires the Federal Trade Commission (FTC) to enforce rules that regulate how website operators collect, use, and distribute personal information from children online. The FTC’s COPPA Rule spells out the specifics of the Act.
It is worthwhile to familiarize yourself with the requirements of the COPPA – if you have not already done so. Here is a quick rundown of the key issues to get you started.
Does the COPPA apply to your business?
The answer is YES, if your business involves any of the following:
- Commercial websites or online services that target children under the age of 13, and collect personal information from children;
- Websites intended for a general audience, but knowingly collect personal information from children under the age of 13;
- Websites intended for a general audience, but have separate areas for children and collect personal information from children.
What does compliance with the COPPA entail?
Being COPPA-compliant means your online business must meet a number of requirements including:
2. Provide notice to parents about your online information collection practices.
3. Obtain verifiable parental consent before collecting personal information from children.
4. Give parents the choice to consent to the collection and use of their children’s personal information.
5. Provide parents with access to their children’s information, and the opportunity to delete the information and opt-out from future information collection and use.
6. Maintain the confidentiality and security of the personal information collected from children.
Why is COPPA compliance important?
The simple answer is it is the law. However, the important consideration is how non-compliance could affect your business. The penalties of non-compliance are often stiff. Having spent the time and money to develop a viable online business, it makes sense to go the extra mile to ensure that you are operating on the right side of applicable regulations.
Learning from the Expensive Mistakes of Others
In many respects, the requirements of the COPPA appear clear enough. It is therefore ironic that even some high profile companies miss the mark.
In 2008, the FTC charged the operators of a social networking site that targets children with violation of the COPPA. According to the FTC’s complaints, the online business allowed children to create accounts by submitting personal information prior to providing notice to parents or obtaining parental consent. The company agreed to a settlement, which included a civil penalty of $130,000, an order that prohibits the company from violating the COPPA Rule, and a requirement for the deletion of all personal information collected in violation of the Rule.
Also in 2008, a major online music company found out the high cost of what the FTC referred to as “falling down on its COPPA obligations”. The FTC charged that the company violated COPPA by failing to provide sufficient notice on its websites about the information it collects, how it uses the information, and its disclosure practices. In the settlement, the company agreed to pay a civil penalty of $1 million as well as commit to orders to ensure future compliance.